Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX] Q-in-Q (dot1q tunnel) to tag traffic from multiple customers which are aggregating on a single interface into separate SVLANs

0

0

Article ID: KB21686 KB Last Updated: 15 Dec 2011Version: 2.0
Summary:
This article provides information about Q-in-Q (dot1q tunnel). It is used to tag traffic, from multiple customers, aggregating on a single interface into separate SVLANs.
Symptoms:
  • Using the 802.1Q tunneling feature, service providers can tag two or more customer’s traffic (with separate VLAN tags) into different SVLAN tags, when all the customer traffic is received on a single interface.

  • In Q-in-Q tunneling, as a packet travels from a customer VLAN (CVLAN) into a service provider's VLAN (SVLAN), a customer-specific 802.1Q outer tag is added to packets.

  • This additional tag is used to segregate traffic into service–provider–defined service VLANs.

  • The original customer 802.1Q tag of the packet remains intact and is transmitted transparently, passing through the service provider's network.

  • The SVLAN tag is added on egress for incoming packets; here you can create a separate group for each customer tagged with a specific SVLAN.

  • As the packet leaves the SVLAN in the downstream direction, the provider 802.1Q tag is removed; leaving the original customer tag on the packet.

Cause:
 
Solution:

Topology:



 

  • Customer 1 and Customer 2 traffic is aggregated on the CPE1 and the Service Provider PE1 is receiving both customers’ traffic on the single interface ge-0/0/2.

  • Customer 1 traffic with VLAN tags 10 & 20 will be double tagged using SVLAN 3001 and customer2 traffic with VLAN tags 30 & 40 will be double tagged with SVLAN 3002.

  • PE2 and PE3 will remove the respective SVLAN tags before sending the traffic to the respective customers.

Configuration:

CPE1:
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
PE1:
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/0/2 unit 0 family ethernet-switching

set vlans svlan1 vlan-id 3001
set vlans svlan1 interface ge-0/0/2.0
set vlans svlan1 dot1q-tunneling customer-vlans 10
set vlans svlan1 dot1q-tunneling customer-vlans 20
set vlans svlan2 vlan-id 3002
set vlans svlan2 interface ge-0/0/2.0
set vlans svlan2 dot1q-tunneling customer-vlans 30
set vlans svlan2 dot1q-tunneling customer-vlans 40

set ethernet-switching-options dot1q-tunneling ether-type 0x8100
PE2:
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/0/1 unit 0 family ethernet-switching

set vlans svlan1 vlan-id 3001
set vlans svlan1 interface ge-0/0/1.0
set vlans svlan1 dot1q-tunneling customer-vlans 10
set vlans svlan1 dot1q-tunneling customer-vlans 20

set ethernet-switching-options dot1q-tunneling ether-type 0x8100
PE3:
root@3200-5# run show vlans dot1q-tunneling extensive 
VLAN: svlan2, Created at: Sun Jan  3 20:46:17 2010
802.1Q Tag: 3002, Internal index: 4, Admin State: Enabled, Origin: Static
Dot1q Tunneling status: Enabled
Customer VLAN ranges:
      30-30
      40-40
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 1 (Active = 1), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk
      ge-0/0/1.0*, untagged, access
Create RVI on CPEs and verify using ping:

CPE1:
set interfaces vlan unit 10 family inet address 10.10.10.19/24
set interfaces vlan unit 30 family inet address 30.30.30.19/24
CPE2:
set interfaces vlan unit 10 family inet address 10.10.10.17/24
CPE3:
set interfaces vlan unit 30 family inet address 30.30.30.4/24
Ping from CPE1 to CPE2:
root# ping 10.10.10.17
64 bytes from 10.10.10.17: icmp_seq=0 ttl=53 time=2.785 ms
64 bytes from 10.10.10.17: icmp_seq=0 ttl=53 time=1.705 ms
Ping from CPE1 to CPE3:
root# ping 30.30.30.4
64 bytes from 30.30.30.4: icmp_seq=0 ttl=53 time=2.785 ms
64 bytes from 30.30.30.4: icmp_seq=0 ttl=53 time=1.115 ms

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search